
Data communication system and method

A data communication system and method in the field of data communication. It addresses the problems that existing session establishment for TCP over IP networks is inherently insecure and easy to exploit, so that organisations are forced to take defensive measures.

Inactive Publication Date: 2006-11-09
BARRON MCCANN TECH
10 Cites, 9 Cited by

AI Technical Summary

Benefits of technology

[0029] The present invention seeks to provide a solution for protecting against these attacks whilst at the same time providing a scalable and flexible method for exchanging data securely over Public IP networks using TCP connections. In particular the use of specific datagrams for session establishment provides for the end-point devices, initiator and receiver, to be invisible to attackers on the Public IP infrastructure. TCP is chosen as a reliable data carrier over IP networks.

Problems solved by technology

However, by connecting trusted areas and devices to public networks, they become open to attack and abuse.
This means that organisations are forced to take defensive measures against attack.
Unfortunately, it is well known that existing session establishment for TCP over IP networks is inherently insecure and prone to exploitation by Active and Intrusion attacks.
Denial of service (DoS) attacks cost businesses millions of dollars each year and are now a serious threat to any system or network connected to a public network.
These costs are related to system downtime, lost revenues and the labour involved in identifying and reacting to such attacks.
Essentially, a DoS attack disrupts or completely denies services to legitimate users, networks, systems or other resources.
The intent of such attacks is usually malicious and often takes little skill or resources because the requisite tools are readily available.
While the standard 3-way handshake works well most of the time, most systems have only a finite number of resources available for setting up connections and potential connections.
While most systems can sustain hundreds of concurrent connections to a specific port, it may only take a dozen or so potential connection requests to exhaust all resources allocated to setting up connections.
It is this weakness that attackers use to disable a system.
The system under attack will never be able to clear the queue before receiving new SYN requests.
However, if a TCP/IP system is to communicate successfully with another, at least one port must be left open, and this in itself creates a vulnerability when the connection is over a public network.



Examples


first embodiment

[0038] FIG. 2 is a schematic diagram of a data communications system according to the present invention.

[0039] A first communication system 100 is connected to an insecure network 110 and communicates using TCP. However, the first communication system 100 is configured to not acknowledge, reply or otherwise give away its existence to new incoming TCP traffic. As described with reference to FIG. 1, in a standard TCP communication system if a connection request is received in the form of a SYN TCP packet, the communication system would give away its existence by replying. In the present embodiment, upon receipt of such a SYN packet (or indeed any other unexpected packet type), the first communication system 100 does nothing. Preferably, the first communication system 100 discards such packets. Thus, potential attackers are not able to implement DoS attacks and the like.

[0040] In order to establish a connection with the first communication system 100, a second communication system 120 ...

second embodiment

[0042] FIG. 3 is a schematic diagram of a data communications system according to the present invention.

[0043] The second embodiment operates in a similar manner to the first embodiment, as discussed with reference to FIG. 1. However, instead of it being reliant on the second communication system 120 to follow the connection request message 130 with a TCP SYN packet 140, the first communication system 100 instead instigates the handshake by sending the SYN packet 140 upon receipt of a valid connection request message 130.

third embodiment

[0044] FIG. 4 is a schematic diagram of the present invention.

[0045] In this embodiment, the first communication system 100 is configured to require more than a valid connection request message 130 of a predetermined format to permit a connection. The connection request message 130 is preferably used by the second communication system 120 to transmit data content that is examined by the first communication system 100 to authenticate the second communication system 120. Authentication may, for example, be dependent on the second communication system 120 providing one of a number of approved identities, network addresses, passwords or other authentication data. Alternatively, or in addition, authentication may include the first communication system sending a response message 150 to the address of the second communication system 120, which the second communication system 120 must reply to in a further response message 160. In this example, the response message may include a code that must ...
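The three embodiments above describe one gate with three refinements: unsolicited TCP traffic is discarded without any reply, a connection request datagram of a predetermined format must precede the handshake, and the receiver may additionally challenge the initiator before letting the SYN through (or, in the second embodiment, send the SYN itself). The following simulation is an added example written for this page; it is not code from the patent or from its assignee. The packet model, the `CONNECT:<identity>` request format, the HMAC-SHA256 answer to the challenge code, the 30-second validity window and the sample addresses are all constructed assumptions, chosen so that the receiver's behaviour (drop, challenge, authorise, handshake) can be traced for every input.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Packet:
    """A datagram or TCP segment as seen by the receiver (constructed model)."""
    src: str            # sender address
    kind: str           # "SYN", "REQUEST", "RESPONSE" or anything else
    payload: bytes = b""


def answer_challenge(key: bytes, nonce: bytes) -> bytes:
    """Initiator side: the 'code' returned in response message 160.
    HMAC over the receiver's nonce is an assumption; the text only says 'a code'."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class GatedReceiver:
    """The first communication system 100: silent until negotiation succeeds."""

    WINDOW = 30  # seconds a challenge or an authorisation stays valid (constructed)

    def __init__(self, key: bytes, approved_ids: set, receiver_initiates: bool = False):
        self.key = key
        self.approved_ids = approved_ids          # approved identities (third embodiment)
        self.receiver_initiates = receiver_initiates  # second-embodiment variant
        self.pending = {}     # src -> (nonce, deadline): challenge 150 outstanding
        self.authorised = {}  # src -> deadline: may now complete a TCP handshake
        self.sent = []        # (dst, kind, payload) the receiver emitted

    def handle(self, pkt: Packet, t: float) -> str:
        """Process one packet arriving at time t; return the receiver's action."""
        if pkt.kind == "REQUEST":
            return self._on_request(pkt, t)
        if pkt.kind == "RESPONSE":
            return self._on_response(pkt, t)
        if pkt.kind == "SYN" and self.authorised.pop(pkt.src, -1) >= t:
            # Negotiated peer: only now does the receiver take part in the handshake.
            self.sent.append((pkt.src, "SYN-ACK", b""))
            return "syn-ack"
        # Everything unsolicited, SYNs included, is discarded with no reply at all:
        # no RST, no SYN-ACK, and no half-open connection slot consumed.
        return "drop"

    def _on_request(self, pkt: Packet, t: float) -> str:
        # Predetermined format (constructed): b"CONNECT:<identity>"
        prefix, sep, ident = pkt.payload.partition(b":")
        if prefix != b"CONNECT" or not sep:
            return "drop"
        if ident.decode(errors="replace") not in self.approved_ids:
            return "drop"
        nonce = secrets.token_bytes(16)
        self.pending[pkt.src] = (nonce, t + self.WINDOW)
        self.sent.append((pkt.src, "RESPONSE", nonce))   # response message 150
        return "challenge"

    def _on_response(self, pkt: Packet, t: float) -> str:
        # A challenge is single-use: a wrong or late answer discards it.
        nonce, deadline = self.pending.pop(pkt.src, (None, -1))
        if nonce is None or deadline < t:
            return "drop"
        if not hmac.compare_digest(pkt.payload, answer_challenge(self.key, nonce)):
            return "drop"
        if self.receiver_initiates:
            # Second embodiment: the receiver instigates the handshake itself.
            self.sent.append((pkt.src, "SYN", b""))
            return "syn-sent"
        self.authorised[pkt.src] = t + self.WINDOW
        return "authorised"


def initiator_connect(receiver: GatedReceiver, src: str, ident: str, key: bytes, t: float) -> str:
    """Second communication system 120 driving the whole exchange (constructed driver)."""
    req = Packet(src, "REQUEST", b"CONNECT:" + ident.encode())
    if receiver.handle(req, t) != "challenge":
        return "rejected"
    nonce = receiver.sent[-1][2]
    action = receiver.handle(Packet(src, "RESPONSE", answer_challenge(key, nonce)), t + 1)
    if action == "authorised":
        return receiver.handle(Packet(src, "SYN"), t + 2)   # SYN packet 140 from the peer
    return action


if __name__ == "__main__":
    key = b"constructed-shared-key"
    gate = GatedReceiver(key, {"branch-office-7"})
    print("unsolicited SYN:", gate.handle(Packet("203.0.113.5", "SYN"), 0))
    print("negotiated peer:", initiator_connect(gate, "198.51.100.9", "branch-office-7", key, 1))
    print("wrong key      :", initiator_connect(gate, "198.51.100.9", "branch-office-7", b"x", 10))
```

Two design points matter for the problem described in the Problems section. First, an unsolicited SYN never reaches the handshake code path, so it cannot occupy one of the finite half-open connection slots; the receiver's only state is created by a correctly formatted request from an approved identity. Second, both the challenge and the resulting authorisation expire and are consumed on use, so a captured response message cannot be replayed later to open the gate again.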



Abstract

A data communications method and system is disclosed in which the transmission control protocol (TCP) is used for data communications. In order to provide security against denial of service attacks and the like, a connection negotiation phase is required before the TCP handshake. Without a successful connection negotiation, a TCP handshake is unable to complete thereby preventing connection.

Description

FIELD OF THE INVENTION

[0001] The present invention relates to a system and method for securing data communications over a network and is particularly relevant to networks using the Transmission Control Protocol (TCP).

BACKGROUND TO THE INVENTION

[0002] In data communications, Internet Protocol (IP) networks have become pervasive. In particular, the majority of public data communication networks, particularly the Internet, use IP. Given the availability of cheap, high speed access to public data communications networks using DSL connections or similar, many organisations wish to use these networks to provide interconnectivity between trusted areas or devices. The trusted devices may be located, for example, at branch offices or homes. Trusted areas would include networks within corporate offices.

[0003] However, by connecting trusted areas and devices to public networks, they become open to attack and abuse. This means that organisations are forced to take defensive measures against...


Application Information

IPC(8): G06F15/16, H04L29/06
CPC: H04L63/1458, H04L69/163, H04L69/16
Inventors: CLARK, ANDREW R; PROLE, ROBERT ARNOLD
Owner BARRON MCCANN TECH